News Sony Online Entertainment compromised too

Seems that Sony is securing customer data with "Security Through Obscurity" thats 100 million records hacked, why would they steal my identity when they've got 99,999,999 other peoples to steal eh.

 

As nexxo would remind us blame is not a zero sum game, Sony can be at fault as can the hackers. Sony should have taken (more) steps to protect our data, I doubt the DPA directly applies but the principles stand. If Sony want to hold our data Sony must hold it securely as it is patently obvious that criminals want our data. If Sony are not up to holding the data in a secure fashion they shouldn't.

 

Whilst they were not encrypted they were not plain text as some articles seem to suggest, they use hashing like you might on a forum for example.

no matter the security if some one wants to break in and is determined enough it'll probably happen eventually. Sonys system was secure for a number of years,

 

Which brings me to a question for you all. Is MySQL tables, PHP pages, HTML, XML, Flash, Java, Javascript (add as many as you like) - always breakable? Are there any web network servers that are 100% unbreakable?

 

Yes, any of them are 100% unbreakable if configured correctly and kept up to date. It's really easy put up a secure web system, but it gets real complicated real fast when you start adding in multiple layers of access etc.

They should have protected the personal date better. Not encrypted? Simple hashed passwords?

School boy errors Sony. Consider your wrist well and truly slapped.

 

They bitch and complain about piracy yet they cant keep our data secure.
I'm sure like many people I've never read it but surely there must be something in the EULA about this sort of thing and them having to do as much as possible to protect our data and if there isn't there bloody well should be!
Data protection works both ways,

 

This has nothing to do with piracy ... if you want excuses to be pirating then just be honest and say you're skint. Or you're a thief.

 

I didn't yet, and I would have been on the same database as an SWG subscriber in 2007.

 

Lol, I'll admit in years gone past I have, but for the last few years everything's been brought, I make no excuses.
Piracy isn't theft anyway, it's copying without permission, theft involves taking the original, but thats a whole different argument.
My point was that Sony bitch and whine about piracy and unsolicited sharing of THEIR data yet they can't keep our data secure and don't appear to do much of job even trying to keep it secure, like encrypting as much as possible.

 

This is why I asked the security question earlier. My hopes of safe online shopping/gaming are feeling more and more shattered (Sony also had my details for SOE, as well as PSN).

At some point I want to take secure payments in a project, have users create accounts ... if Sony can't do it ...

 

Agreed, sony are getting hit hard, some group must really want to killl off sony, not good.

Also sony may have had top notch security but the hackers could be so good at what they do are able to bypass any security, this is what I think.

 

Seeing Previous comments, IMHO makes me realize that people are forgetting that Geo did divulge the key to the open world, sony is responsible for that i will explain later, but it is also responsible for no taking the necessary messures and steps in order to avoid an attack as soon as they did find out this, thats unaceptable at least they shoul rebuild their system prior the hacker attack and/or tight up the security making all the information harder to access with encryptions, separeted systems etc, in my eyes this gives me a clear perspective of how we users mind to sony.

Therefore lets not forget that what geo did was because of the took of other s, this gave him the reason or excuse if you want to do it, and thats why iss sonys responsability too, because this was a feature that came with the product and it was advertised that will last till all its lifecycle, therefore for me sony is responsable for all the PSN situation because they didnt handle anything right, its a series of linked mistakes in sonys front, the only good thing they did was to shutdown the PSN as soon as the find the intrusion , however they didnt divulge the news about the situation to their users only a week before that, and that could have harmed the users more than one might think, and thats also why a vast number of users are a little bit unpleased with sony, and rightfully so.

 

Greetings!

Assuming you meant "OtherOS" when you wrote "other s", Geohot released his first hack on January 2010, for it to work it needed OtherOS functionality, Sony then proceeded to remove Other OS functionality on April 2010.
Geohot actions were not provoked by the removal of OtherOS, Sonys choice to defend its system from Geohots attack was what removed OtherOS from the console.

Another occasion where Sony is being solely blamed while the crackers\hackers are seen as heroes.

 

At the direct expense of its paying customers. Again blame is not a zero sum game Sony acted very poorly in this example.

You seem to want to exonerate Sony's actions by saying they were forced to withdraw this service, they weren't forced they chose to remove the OtherOs to protect a revenue stream at the expense of people who had already paid and had little recourse.

 

Greetings!

... as any other sane company would.

I really would like to know how many PS3 users ever tried the OtherOS. 2% of the entire user base? 1%? Less than that?

 

If they can crack Sony they can crack a lot of other big operations.

Sony may have made some bad errors in their security, but I bet there are a lot of big companies whose security is no better.

Frankly it is really worrying.

I hope there are government investigations, that lessons are learnt and that tougher legislation is put in place to make companies more responsible.

Remember we are talking about a company that makes BILLIONS, holding the details of MILLIONS of people. It is almost impossible to believe they could get boned like this.

One day I would like to hear the full story, could make a good book or a film.

 

"If they can crack Sony they can crack a lot of other big operations.

Sony may have made some bad errors in their security, but I bet there are a lot of big companies whose security is no better"
Maybe, but probably those other companies didnt go pissing off the hacker community. It's Sony's fault for not locking that junk down, but it's MORE their fault for being evil douchbags and pissing off the hacker community, which is an INVITATION to get hacked. If Sony had not been such douchbags, they would not have drawn the attention of the hackers in the first place. So I say it is COMPLETELY Sony's fault, in the same way that if you kick a dog, its your own fault if he turns around and bites you. They asked for it, and they obviously had no regard for their customers in the process.

 

Can not disagree with that.

 

If i was Sony i would've had that database locked up behind encryptions, about 50 firewalls, with daily scans and a team of people watching the incoming traffic. There is no excuse why their database was compromised, no self-respecting big business should ever give any reason for a customer to be afraid of losing his or her information. I have a friend of mine who has encryptions covering every folder and hard drive on his computer, and even a boot encryption to were you can't even get passed bios without entering the correct password. My point is, these people make billions of money per year off of their customers and they don't even have state-of-the-art encryption services for their customers?

 

So all sane companies can act at the expense of consumers, thank goodness for consumer protection laws...

I'd like to know how many Excel users use the database access functions built in, probably less than 2% but i'd still be annoyed if they removed them... What is your point?